From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.ffmpeg.org (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by master.gitmailbox.com (Postfix) with ESMTPS id 5AC564FCA0
	for <ffmpegdev@gitmailbox.com>; Sun, 29 Jun 2025 06:46:33 +0000 (UTC)
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.ffmpeg.org (Postfix) with ESMTP id 55F7268D24A;
	Sun, 29 Jun 2025 09:45:50 +0300 (EEST)
Received: from mail-pf1-f195.google.com (mail-pf1-f195.google.com
 [209.85.210.195])
 by ffbox0-bg.ffmpeg.org (Postfix) with ESMTPS id 8716368D1B9
 for <ffmpeg-devel@ffmpeg.org>; Sun, 29 Jun 2025 09:45:40 +0300 (EEST)
Received: by mail-pf1-f195.google.com with SMTP id
 d2e1a72fcca58-7490702fc7cso2672662b3a.1
 for <ffmpeg-devel@ffmpeg.org>; Sat, 28 Jun 2025 23:45:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1751179539; x=1751784339; darn=ffmpeg.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=g9aC3dijOICUBA52ZUNliiE/HIbE+IJLByRF37Qyvno=;
 b=BDVZDRs4EDvTTJVS+xUO1pqbAGmkAE58x0Se6oiLPZT0n3ya0UWQCt5st1RmGiUV+p
 2yZlFPGiJDiDAt1RdAN6Mv1G6Z7CtbBFtgNXAlCoCKNtj1TOCIX4uzdu+zubz3Zp+FZg
 ESqeh1T/EB76WqIsli5NNEd1T1yG4oG40oQltrnCzNOPn8CbDHvKD51snkV4En3Vipx0
 vM4XCs23enFlaFh8vIOYzzBuqwQxkF2+qrBz4TbOClz02lb0RmKBgMnPaf4ogoR1tZoy
 2PfycjgvWbaP6bosw++xvtsWq5HJHwHNE3om6O05bqYZBmUjnGjbA0+7AGGN0nNcwJA6
 +/yg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1751179539; x=1751784339;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=g9aC3dijOICUBA52ZUNliiE/HIbE+IJLByRF37Qyvno=;
 b=TPh2Q9SFN6aHWqrIlcJGNJnI63LzVDmQuksobIw4nWqoy0nfde69lpgSJPPgeg3JRT
 VkLBLPGJArYWlDX8jiEf0a8nSNnuGm9zKfWTqy3Hz0B8907K1m3hnOQQwVtOUNtPREXe
 MQnqUmEq7g0CObsyExC8NAzSxEiofW+xbri2Ayncn7Q4wz9wOUZ2v5e05DWkDjSO99F9
 1sQ8vtkA0DPTdOw0smgEq5ulbsPaks9yrv0DQBHqj5Xi1Dg+I7Z4NdpC+NiuuTwvIwX9
 n7BIb+XZ/D1c+jQTW6foRVWKQ5Puhb5kbYrs3b8lMAfUGp4zWJZSipbFoScYL2oKG2pv
 IVhA==
X-Gm-Message-State: AOJu0Yy57sljMM2YQj+1n1dqF1b69srd9eDOf8tB+PCLWLf8ITWK5kuT
 +bcwZmPcsXdCJV5Obp0ly0s0jFTjjuuRacP1CqwpTJzyiA8ZPF/BRFTMvrMsmNxPPzm5/A==
X-Gm-Gg: ASbGncvTGTmFFtVFTlqpNf1LauELu3MKwjPneiNJXEXcI+WkfK7dFFpvi5qJMMpuue0
 VFLh2IBimfn8CteuMITV5etmEor0wmYdwRJwwYO+YhMj79bUngP2638XYHLQKN045cv2FCk98jA
 LkqlFJHG6Fu3d4tB/OwannsL65wCyCdHTXizipwuGkCYIKt6mek9gDHM4zz6qxZylcSwZc3kgPu
 lU9oFa8kTJOo+H4BKxT7c5DhoWtk68ueEcv24MrJy/MlKx/NCs/ABCtTpsVMRpcUrjlXjUa/0H4
 wAV9+z1XKYWZtjZnvPA7Vl7or9ttYM2lPQ9JSG0Mf8ZEoAvAiLKdXu5DT8eZqcG2jrWq
X-Google-Smtp-Source: AGHT+IFkGJhNpHCPGllrWB/GZBVOmNZ2xl1slIa63XieRFmR8/nHSp/XQHujs8BaxgCPhXqpZcIHHg==
X-Received: by 2002:a05:6a20:3d8d:b0:220:8fee:6d50 with SMTP id
 adf61e73a8af0-220a16a12e9mr14234444637.22.1751179538711; 
 Sat, 28 Jun 2025 23:45:38 -0700 (PDT)
Received: from r760 ([188.253.126.204]) by smtp.gmail.com with ESMTPSA id
 41be03b00d2f7-b34e3200fedsm5178086a12.73.2025.06.28.23.45.37
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Sat, 28 Jun 2025 23:45:38 -0700 (PDT)
From: Lidong Yan <yldhome2d2-at-gmail.com@ffmpeg.org>
X-Google-Original-From: Lidong Yan <502024330056@smail.nju.edu.cn>
To: ffmpeg-devel@ffmpeg.org
Date: Sun, 29 Jun 2025 14:45:25 +0800
Message-ID: <20250629064526.2992143-5-502024330056@smail.nju.edu.cn>
X-Mailer: git-send-email 2.50.0.106.gf0135a9047.dirty
In-Reply-To: <20250629064526.2992143-1-502024330056@smail.nju.edu.cn>
References: <20250629064526.2992143-1-502024330056@smail.nju.edu.cn>
MIME-Version: 1.0
Subject: [FFmpeg-devel] [PATCH 4/5] avcodec/sunrast: fix leak in
 sunrast_decode_frame()
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Cc: Lidong Yan <502024330056@smail.nju.edu.cn>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
Archived-At: <https://master.gitmailbox.com/ffmpegdev/20250629064526.2992143-5-502024330056@smail.nju.edu.cn/>
List-Archive: <https://master.gitmailbox.com/ffmpegdev/>
List-Post: <mailto:ffmpegdev@gitmailbox.com>

In sunrast_decode_frame(), we use av_malloc_array() allocates memory
to ptr and ptr2. However if buf_end - buf < 1, this function returns
error code without freeing this memory thus cause a leak. Add av_freep()
before return.

Signed-off-by: Lidong Yan <502024330056@smail.nju.edu.cn>
---
 libavcodec/sunrast.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/libavcodec/sunrast.c b/libavcodec/sunrast.c
index 9e49c4f275..cc27838f5b 100644
--- a/libavcodec/sunrast.c
+++ b/libavcodec/sunrast.c
@@ -163,8 +163,10 @@ static int sunrast_decode_frame(AVCodecContext *avctx, AVFrame *p,
         x = 0;
         while (ptr != end && buf < buf_end) {
             run = 1;
-            if (buf_end - buf < 1)
+            if (buf_end - buf < 1) {
+                av_freep(&ptr2);
                 return AVERROR_INVALIDDATA;
+            }
 
             if ((value = *buf++) == RLE_TRIGGER) {
                 run = *buf++ + 1;
-- 
2.50.0.106.gf0135a9047.dirty

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".